Showing results for 
Search instead for 
Did you mean: 

Deny DHCP on certain ports

Deny DHCP on certain ports

New Contributor

I have an extreme switch that is connected back to a Cisco core. switch that does all the routing.  Users attached to the Extreme switch are able to utilize DHCP.  However, I now have another "unmanaged" switch that sits off port 22 on this Extreme Switch and i need to deny any users that connect to this "unmanaged" switch the ability to get an IP address using DHCP.  Is this possible?



New Contributor

What a wealth of useful information you have provided.
LiteBlue USPS 

New Contributor II

You probably could DHCP Snooping and leave port 22 as an untrusted port.

New Contributor

Yes, it is possible to deny users connected to an "unmanaged" switch the ability to obtain an IP address through DHCP. You can achieve this by implementing port-based access control or VLAN-based access control on the Extreme switch.


Here are two possible approaches:

1. Port-based access control: Configure port 22 on the Extreme switch to restrict DHCP traffic. You can configure the port to block DHCP requests from devices connected to the "unmanaged" switch. This can be done using access control lists (ACLs) or port security features available on the Extreme switch.
2. VLAN-based access control: Assign the port 22 on the Extreme switch to a specific VLAN (let's say VLAN X) and configure the DHCP server to only provide IP addresses to devices in other VLANs. This way, devices connected to the "unmanaged" switch, which is connected to port 22, will not receive IP addresses from the DHCP server.


The specific configuration steps may vary depending on the model and software version of your Extreme switch. It is recommended to consult the product documentation or seek assistance from the vendor or a network specialist to configure the access control properly. PaybyPlateMa Pay Online


Best regard,

To deny DHCP on certain ports, you would typically configure an ACL rule that blocks DHCP traffic on those specific ports. The exact steps to implement this will depend on the network equipment and the specific command-line interface (CLI) or graphical user interface (GUI) it uses. Here is a general outline of the process:

  1. Identify the ports: Determine the ports on which you want to deny DHCP traffic. These could be physical ports or VLAN interfaces.

  2. Access the network equipment: Connect to the CLI or GUI of your network equipment, such as a router or switch, using the appropriate management method (e.g., SSH, telnet, or web browser).

  3. Define the ACL rule: Create an ACL rule that denies DHCP traffic. Depending on the equipment, you may need to specify the protocol (UDP), source and/or destination IP addresses, and the DHCP server and client port numbers (usually UDP port 67 and 68).

  4. Apply the ACL to the ports: Apply the ACL to the desired ports or VLAN interfaces to enforce the rule. This can typically be done by associating the ACL with an interface or by applying it to an inbound or outbound direction on the interface.

  5. Verify the configuration: Verify that the ACL is applied correctly and is blocking DHCP traffic on the specified ports. Test the configuration by attempting to perform DHCP requests on those ports and ensuring that they are denied.



Know More